On Mon, 25 Jan 2021, António Silva wrote:

I’m using PSK.

Putting extra debug now.

If you are using PSK then the error CERTIFICATE_UNAVAILABLE from the
remote peer makes no sense whatsoever.

RFC 2408 states:

   3.  Process the Certificate Request.  If a requested Certificate Type
       with the specified Certificate Authority is not available, then
       the payload is discarded and the following actions are taken:

       (a)  The event, CERTIFICATE-UNAVAILABLE, MAY be logged in the
            appropriate system audit file.

       (b)  An Informational Exchange with a Notification payload
            containing the CERTIFICATE-UNAVAILABLE message type MAY be
            sent to the transmitting entity.  This action is dictated by
            a system security policy.


I guess your debugging will show if libreswan sent any CERT or CERTREQ
payload that might have confused the other end?

Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
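
Added example, not part of the original message and not libreswan code: one way to check a captured cleartext ISAKMP (RFC 2408) message for the CERT or CERTREQ payloads asked about above, and to read the notify message type from a Notification payload. The function names and the sample messages are constructed for illustration; encrypted messages cannot be walked this way.

```python
import struct

# Numbers from RFC 2408: payload types (3.1), notify message types (3.14.1).
PAYLOADS = {1: "SA", 4: "KE", 5: "ID", 6: "CERT", 7: "CERTREQ", 8: "HASH",
            9: "SIG", 10: "NONCE", 11: "NOTIFY", 12: "DELETE", 13: "VID"}
CERTIFICATE_UNAVAILABLE = 28
FLAG_ENCRYPTED = 0x01

def walk_isakmp(msg: bytes):
    """Return (payload names, notify message types) for a cleartext ISAKMP message."""
    if len(msg) < 28:
        raise ValueError("shorter than the 28-byte ISAKMP header")
    next_pl, _ver, _xchg, flags, _msgid, total = struct.unpack_from("!BBBBII", msg, 16)
    if flags & FLAG_ENCRYPTED:
        raise ValueError("encrypted body: payload chain is not visible on the wire")
    if total != len(msg):
        raise ValueError("header length does not match datagram size")
    names, notifies, off = [], [], 28
    while next_pl != 0:
        if off + 4 > total:
            raise ValueError("truncated payload header")
        following, _reserved, plen = struct.unpack_from("!BBH", msg, off)
        if plen < 4 or off + plen > total:
            raise ValueError("bad payload length")
        names.append(PAYLOADS.get(next_pl, f"type-{next_pl}"))
        if next_pl == 11 and plen >= 12:
            # Generic header (4) + DOI (4) + protocol-id (1) + SPI size (1), then type.
            notifies.append(struct.unpack_from("!H", msg, off + 10)[0])
        next_pl, off = following, off + plen
    return names, notifies

def cert_payloads(msg: bytes):
    """CERT/CERTREQ payloads present in the message, in order."""
    return [n for n in walk_isakmp(msg)[0] if n in ("CERT", "CERTREQ")]

def build(first, payloads, flags=0):
    """Build a constructed sample; payloads is [(next_payload_type, body), ...]."""
    body = b"".join(struct.pack("!BBH", nxt, 0, 4 + len(b)) + b for nxt, b in payloads)
    header = struct.pack("!8s8sBBBBII", b"\x11" * 8, b"\x22" * 8,
                         first, 0x10, 2, flags, 0, 28 + len(body))
    return header + body

# Constructed samples (bodies are filler, not real key material).
PSK_ONLY = build(4, [(10, b"K" * 16), (0, b"N" * 16)])
WITH_CERTREQ = build(4, [(10, b"K" * 16), (7, b"N" * 16), (0, b"\x04")])
PEER_NOTIFY = build(11, [(0, struct.pack("!IBBH", 1, 1, 0, CERTIFICATE_UNAVAILABLE))])
if __name__ == "__main__":
    for label, m in (("psk", PSK_ONLY), ("certreq", WITH_CERTREQ), ("notify", PEER_NOTIFY)):
        print(label, walk_isakmp(m), cert_payloads(m))
```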
